Changing Seasons in Security bring APTs to Forefront

Birds are beginning to leave their nests and fly south as winter slowly encroaches. The migration of our feathered friends ushers in the new season. As the seasons change, so too have the targeted attacks in 2012. The surge of targeted attacks against remote users is exacerbating the cybersecurity landscape. Remote access compromises are again the primary attack vector employed this year.

The modus operandi of targeting remote user devices to bypass network security controls has become commonplace. These elite hacker crews applaud our widespread adoption of mobile devices, as they fully recognize that your latest Android, iPhone or tablet has a greater attack surface and minimal security controls beyond encryption. Steel tunnels do not frighten sophisticated adversaries; they enjoy riding the channel into your corporate information technology infrastructure. Once inside, these crews deposit customized malware, often with all capabilities hardcoded internally and no reliance on external third-party tools. Robust anti-debugging techniques and complex command-and-control have become the hallmarks of the modern Advanced Persistent Threat (APT) design.

As mobile and web-based attacks flourish, an era of cyber colonization has been ushered in. We must strive to increase the level of discomfort for our adversaries as they move through our networks. This can only be achieved when we move away from vulnerability management and toward threat management. For too long we have dealt with cyber-attacks by changing the locks on our doors after a break-in.

We must now create a context-aware response: one founded on understanding not merely what the malicious content deposited in our network looks like, but rather what lateral movement and behavioral patterns the intruder exhibits. Incident responders must stop focusing on the bullet and the wound, and start focusing on the sniper. With the significant technological advances Trend has made, it is now possible to understand what the sniper looks like and how he or she targeted you, and thus to identify their preferred bird's nest. Attribution is now possible. Cyber situational awareness is paramount to managing cyber-attacks in 2012.

In this video, John Kindervag, principal analyst at Forrester Research, discusses network visibility and protecting against APTs.